UNM Information Security Program (ISMS)

1. UNM Information Security Program (ISMS) Presented by: Lawrence Alderete, Information Security Analyst II Michael Burlison, Information Security Analyst III Jeff Gassaway, Information Security & Privacy Officer Lucas Walker, Information Security Analyst II

2. Agenda • Program History • Program Framework • Current Program Components • Forthcoming Program Components • Future Iterations of the ISMS

3. Definition: ISMS • Information Security Management System!

4. Program History • In the Beginning … • CIRT Computer Use Guide • Acceptable Computer Use Policy (2500) • Policies • 2530 (Remote Electronic Input to the Financial Accounting Systems) • 2520 and 2530 Merged into 2520 II (GLBA Program) • 2520 III (Computer Security Controls and Access to SPI) • ISO 27001, the Framework

5. Program Framework • ISO 27001 • International Standard • Describes ISMS Framework • Planning/ Development • Implementation and Operational Management • Effectiveness Assessment • Improvement/ Evolution

6. Current Program Components • Vulnerability Management 12/15 • Incident Management 4/16

7. Vulnerability Management

8. Incident Management

9. Forthcoming Program Components • Event Management – 8/16 • Awareness Management – 11/16

10. Future Iterations of the ISMS • Continuous Evaluation • Continuous Improvement

11. Preguntas? • Help.UNM • security@unm.edu • 277-2497